Fabric OS Encryption Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP ISL Trunking Kit

171

172

173

174

175

176

177

178

179

180

Fabric OS Encryption Administrator’s Guide 159

53-1002159-03

Crypto LUN configuration

c. Commit the configuration.

FabricAdmin:switch>cryptocfg --commit

Operation Succeeded

d. Display the LUN configuration.

FabricAdmin:switch>cryptocfg --show -LUN my_tape_tgt 0x0 \

10:00:00:00:c9:2b:c9:3a -cfg

EE node: 10:00:00:05:1e:41:9a:7e

EE slot: 0

Target: 20:0c:00:06:2b:0f:72:6d 20:00:00:06:2b:0f:72:6d

VT: 20:00:00:05:1e:41:4e:1d 20:01:00:05:1e:41:4e:1d

Number of host(s): 1

Configuration status: committed

Host: 21:00:00:e0:8b:89:9c:d5 20:00:00:e0:8b:89:9c:d5

VI: 10:00:00:00:c9:2b:c9:3a 20:03:00:05:1e:41:4e:31

LUN number: 0x0

LUN type: tape

LUN status: 0

Encryption mode: encrypt

Encryption format: DF_compatible

Tape type: tape

Key life: 90 (day)

Volume/Pool label:

Operation succeeded.

Removing a LUN from a CryptoTarget container

You can remove a LUN from a given CryptoTarget container if it is no longer needed. Stop all traffic

I/O from the initiators accessing the LUN before removing the LUN to avoid I/O failure between the

initiators and the LUN. If the LUN is exposed to more than one initiator under different LUN

Numbers, remove all exposed LUN Numbers.

1. Log in to the group leader as Admin or FabricAdmin.

2. Enter the cryptocfg

--remove -LUN command followed by the CryptoTarget container name,

the LUN Number, and the initiator PWWN.

FabricAdmin:switch>cryptocfg --remove -LUN my_disk_tgt 0x0

10:00:00:00:c9:2b:c9:3a

Operation Succeeded

3. Commit the configuration with the -force option to completely remove the LUN and all

associated configuration data in the configuration database. The data remains on the removed

LUN in an encrypted state.

FabricAdmin:switch>cryptocfg --commit -force

Operation Succeeded

CAUTION

In case of multiple paths for a LUN, each path is exposed as a CryptoTarget container in the same

encryption switch or blade or on different encryption switches or blades within the encryption

group. In this scenario you must remove the LUNs from all exposed CryptoTarget containers

before you commit the transaction. Failure to do so may result in a potentially catastrophic

situation where one path ends up being exposed through the encryption switch and another path